Skip to main content

Data classification and storage matrix – comparing Box, OneDrive and Google Drive

IMPORTANT: These storage solutions are not appropriate for storing or sharing most types of institutional data classified as “Critical.” Review the Rutgers data classification and security matrix for more information on the types of information that are acceptable for storage on each product.

See Rutgers Policy 70.1.2 "Information Classification" for details.

Key:  = Yes, = No, = Link to additional info

DataBox       OneDrive
(Rutgers Connect)
Google Drive (ScarletApps)
Public
Internal
Course materials shared with students and instructors
Materials intended for publication/shared on non-password protected Rutgers websites
Licensed software

X

NetID usernames/student ID numbers/employee numbers

X

Internal memos and planning documents

X

Student records (“FERPA”)

X

Copyrightable and patentable information related to research
US Government Controlled Unclassified Information (CUI)

X

Bank accounts & Financial Data

X

Social security numbers, drivers license numbers, or passport numbers

X

Research materials containing IRB-prohibited data?²?²

X

Protected Health Care Information (“PHI”)?³?³

X

Library circulation or use records **??

X

Proprietary information covered under contract or non-disclosure agreements*???
Institutional Infrastructure (gas & electrical maps, etc.)???
HI-TRUST certified departments

X

X

X

Login credentials (i.e. username AND password)

X

X

X

Police records

X

X

X

Credit/debit card numbers

X

X

X

International Traffic in Arms Regulation (ITAR)

X

X

X

US Government Classified

X

X

X

NIST 800-53 (FISMA)

X

X

X

NOTE: Items marked with a “?“ either have special conditions attached to the storage of this type of data or approval is required before the listed type of data can be stored in the service.

¹ Under law, the owner of a copyright work is generally the individual or company that created the work. In research, an author can use copyrighted work as long as they credit the owner or source. Similarly, a patent places protective rights on intellectual property to protect inventions. Certain terms apply in storing copyright or patented works. Please see your respective IT support professional or the help desk to verify.

² With the spread of computer and internet-based research involving human participants, individuals must find a way to address unforeseen problems and risks. Due to the sensitive nature of data storage, backup and destruction, you must consult with your respective department head before storing content that is subject to IRB approval.

³ PHI can be stored in Box provided it is stored in a Restricted folder. Restricted folders can be identified because they are shared by your department and have -[Restricted] before the folder name. If you have questions about what information can and can’t be stored in Box, please contact your IT professional or the OIT Help Desk.

Protected health information (PHI) pertains to any personally identifiable information (PII) collected by a healthcare agency. The Health Insurance Portability and Accountability Act (HIPAA) seeks to protect the privacy rights of individuals with regards to healthcare. While Box ensures security measures such as access monitoring, reporting and audit trail, it’s important to check with your IT support professional or the OIT Help Desk before storing HIPAA-related content.

⁴ Rutgers University Libraries must provide approval before library circulation or use records can be stored in Box. Please contact the libraries for more information.

⁵ Proprietary information covered under contract or non-disclosure agreements are subject to Rutgers privacy policy. Please check with your IT support professional or the OIT Help Desk before storing this type of information in Box.

⁶ The storage of Institutional Infrastructure information (e.g. gas and electrical maps, etc) must be approved by Institutional Planning and Operations. Please check with IPO for more information.

* The approval of the sharing and storage of this data is depended upon the grant or contractual agreement
** The approval of the sharing and storage of this data is depended upon Library administration approval